Despite potential use cases spreading from voting to healthcare, the use of blockchain technology to aid cybersecurity has been dealt a blow by one of the leading figures of the industry.
Speaking at the Black Hat USA conference in Las Vegas, Parisa Tabriz, Google director of engineering and the head of the company Project Zero security team, said that the use of blockchain when facing security challenges may still need more work.
In the opening keynote of the event, Tabriz said that “blockchain is not going to solve security problems…we have made great strides in the past decade, but the threat landscape is becoming increasingly complex and our current approach is insufficient.”
Google Chrome security
Tabriz went on to call for more collaboration across the security industry when it comes to dealing with the latest threats, and how Project Zero’s work is hoping to alter the status quo.
Noting that the vast majority of the issues reported by Project Zero are now fixed within the 90-day disclosure period, she highlighted how this “offensive” strategy could be the future when planning security responses.
“Project Zero’s strategy is to build a practical offensive security research pipeline to advance the broader understanding of exploitation amongst vendors. That ultimately leads to structural improvements and better end user security for the world,” she said, noting that Project Zero has already found around 1,400 flaws.
“Making fundamental change to the status quo is hard, but necessary. It absolutely leads to upsetting people. If you’re not upsetting people, you’re not changing the status quo.”
Tabriz also referenced noted the challenges that faced Google itself during the multi-year project to transition Chrome from HTTP to HTTPS as one of the most important breakthroughs at the company.
The six-year development process hit a number of hurdles and difficulties, but eventually paid off when Chrome was able to better protect its users from the Spectre and Meltdown attacks.
The project has also led to a major upswing in HTTPS adoption, which is now at 87 percent today compared to just 45 percent in Chrome in 2014, with Android rising from 29 percent four years ago to 77 percent today.
Via The Register